GOTCHA Password Hackers!
Jeremiah Blocki, Manuel Blum, Anupam Datta
Presented by Arunesh Sinha
AISec 2013
Questions
• Jeremiah Blocki was not able to make it because BLS International did not return his passport.
• Arunesh Sinha agreed to present in his place.
• Please address any questions to jblocki@cs.cmu.edu
GOTCHAs in the Blogosphere
Answer: No! GOTCHAs address a fundamentally different problem than CAPTCHAs.
Offline Dictionary Attack
Guess: jblocki, 123456
Username   Salt            Hash
jblocki    89d978034a3f6   85e23cfe0021f584e3db87aa72630a9a2345c062
SHA1(123456 ‖ 89d978034a3f6) = 85e23cfe0021f584e3db87aa72630a9a2345c062
A Common Problem
• Password breaches at major companies have affected millions of users.
Costly Hash Functions Tradeoff
Outline
• Offline Dictionary Attacks
• Goal: Require Human Interaction
  – Failed Approach: CAPTCHAs
  – Human Only Solvable Puzzles (HOSPs) [CHS 2006]
  – Limitations
• GOTCHAs
• User Study
• Challenge
Basic Idea: Require Human Interaction
Goal: [figure]
A Failed Attempt (CAPTCHA)
Login: jblocki, 123456 → CAPTCHA answer: KWTER
Username   Salt            Hash
jblocki    89d978034a3f6   1f88ecdcb0c25e8ae1ed1c9ce6f2e2e6dcfb0e21
SHA1(123456 ‖ KWTER ‖ 89d978034a3f6) = 1f88ecdcb0c25e8ae1ed1c9ce6f2e2e6dcfb0e21
A Failed Attempt (CAPTCHA)
Guess: jblocki, password → CAPTCHA answer: GWNAB
Username   Salt            Hash
jblocki    89d978034a3f6   1f88ecdcb0c25e8ae1ed1c9ce6f2e2e6dcfb0e21
SHA1(password ‖ GWNAB ‖ 89d978034a3f6) = 4e108b3c12b4a1c6b8670685bb9a63e40b8d7a1d
Human Only Solvable Puzzles [CHS 2006]
Login: jblocki, 123456 → puzzle answer: KWTER
Username   Salt            Hash
jblocki    89d978034a3f6   1f88ecdcb0c25e8ae1ed1c9ce6f2e2e6dcfb0e21 …
SHA1(123456 ‖ KWTER ‖ 89d978034a3f6) = 1f88ecdcb0c25e8ae1ed1c9ce6f2e2e6dcfb0e21
[CHS 2006] Mitigating dictionary attacks on password-protected local storage
Limited Protection
Guess: jblocki, password → puzzle answer: GWNAB
Username   Salt            Hash
jblocki    89d978034a3f6   1f88ecdcb0c25e8ae1ed1c9ce6f2e2e6dcfb0e21 …
SHA1(password ‖ GWNAB ‖ 89d978034a3f6) = 4e108b3c12b4a1c6b8670685bb9a63e40b8d7a1d
Open Question: Can we build a puzzle system that doesn't have this limitation?
[CHS 2006] Mitigating dictionary attacks on password-protected local storage
Outline
• Offline Dictionary Attacks
• Goal: Require Human Interaction
• GOTCHAs
  – Example Construction
  – GOTCHAs vs HOSPs
  – Security
• User Study
• Challenge
Inkblots
• Easy to generate on computer
• Human Imagination
  – Evil Clown?
GOTCHA: Account Creation
jblocki, 123456 → Inkblots → user's labels: evil clown, …, steroid cow
Username   Salt            Labels                          Hash
jblocki    89d978034a3f6   Steroid cow, …, Evil clown      0340eebc16d09e5a747a9ac879019af61e460770
SHA1(123456 ‖ 9876543210 ‖ 89d978034a3f6) = 0340eebc16d09e5a747a9ac879019af61e460770
GOTCHA: Authentication (correct password)
jblocki, 123456 → Inkblots; stored labels shown: Steroid cow, …, Evil clown; user's matching: evil clown, …, steroid cow
Username   Salt            Labels                          Hash
jblocki    89d978034a3f6   Steroid cow, …, Evil clown      0340eebc16d09e5a747a9ac879019af61e460770
SHA1(123456 ‖ 9876543210 ‖ 89d978034a3f6) = 0340eebc16d09e5a747a9ac879019af61e460770
GOTCHA: Authentication (wrong password)
jblocki, 1234567 → Inkblots; stored labels shown: Steroid cow, …, Evil clown; user's matching: Steroid cow, …, evil clown
Username   Salt            Labels                          Hash
jblocki    89d978034a3f6   Steroid cow, …, Evil clown      0340eebc16d09e5a747a9ac879019af61e460770
SHA1(1234567 ‖ 0123456789 ‖ 89d978034a3f6) = babb03d14600ef101b4a46f86b0c4ae3f25aa1a7
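The following is an added worked model (not the authors' code) of the Account Creation and Authentication slides above, with the plain salted hash from the Offline Dictionary Attack slide alongside for contrast. It assumes a seed stands in for each inkblot image, that the user's label texts are constructed sample data, and that the hash covers password ‖ permutation ‖ salt as shown on the slides.

```python
import hashlib
import hmac
import os
import random

# Constructed model of the scheme on the slides, not the authors' code.
# An inkblot is stood in for by its seed; a real system renders an image from it.
N_INKBLOTS = 10

def inkblot_seeds(password, salt, n=N_INKBLOTS):
    """Inkblots are derived from the password, so a wrong guess produces a
    different, fake puzzle that no human ever labelled."""
    return [hashlib.sha1(f"{password}{salt}{i}".encode()).hexdigest() for i in range(n)]

def gotcha_hash(password, perm, salt):
    """SHA1(password || permutation || salt) as on the Account Creation slide;
    the permutation says which inkblot each stored label belongs to (n <= 10,
    so one digit per entry, e.g. 9876543210)."""
    return hashlib.sha1((password + "".join(map(str, perm)) + salt).encode()).hexdigest()

def create_account(password, user_labels, rng=None):
    """user_labels[i] is the label the user gave inkblot i. Labels are stored
    shuffled; only the hash commits to the shuffle, so it is never stored."""
    rng = rng or random.Random()
    salt = os.urandom(7).hex()           # constructed; the slides use 89d978034a3f6
    perm = list(range(len(user_labels)))
    rng.shuffle(perm)                    # perm[j] = inkblot shown for stored label j
    stored = [user_labels[perm[j]] for j in range(len(perm))]
    return {"salt": salt, "labels": stored, "hash": gotcha_hash(password, perm, salt)}

def legit_matching(user_labels, stored_labels):
    """Models the human at login, who recognises each stored label and points
    at the inkblot it was written for (only possible with the real inkblots)."""
    return [user_labels.index(label) for label in stored_labels]

def authenticate(record, password, matching):
    """matching[j] is the inkblot index the user paired with stored label j."""
    candidate = gotcha_hash(password, matching, record["salt"])
    return hmac.compare_digest(candidate, record["hash"])

def plain_hash(password, salt):
    """The Offline Dictionary Attack slide: SHA1(password || salt) with no puzzle."""
    return hashlib.sha1((password + salt).encode()).hexdigest()

def plain_offline_attack(dictionary, salt, target_hash):
    """Against plain_hash every guess costs one hash and no human; against
    GOTCHA each guess also needs a matching: n! orderings or a paid human."""
    return next((g for g in dictionary if plain_hash(g, salt) == target_hash), None)
```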
GOTCHAs vs HOSPs
• Human Involved in Generation of Puzzle
  – HOSP puzzles are generated without human interaction
• Puzzle need not be meaningful to user if he enters the wrong password
  – HOSP puzzles must always be human-solvable
Security: Real vs Fake Puzzles
Real Puzzles (password 123456) vs Fake Puzzles (password 111111): Inkblots, Labels, Inkblots (permuted order) [figure]
Security: Real vs Fake Solutions
Real Solution (password 123456, Distribution R): Inkblots, Solution, Labels, Inkblots (permuted order)
Fake Solution: Inkblots (permuted order), Labels [figure]
Definition: [figure]
Offline Attacks are Expensive!
• Cost of Human Labor
• Cost of Computation
What Does GOTCHA stand for?
• Generating panOptic Turing Tests to Tell Computers and Humans Apart
Outline
• Offline Dictionary Attacks
• Goal: Require Human Interaction
• GOTCHAs
• User Study
  – Protocol
  – Results
  – Discussion
• Challenge
Study Protocol
• Participants recruited on Amazon Mechanical Turk
• Labeling Phase
  – Participants asked to label 10 Inkblot images
  – Paid $1
• Matching Phase
  – Participants asked to match their labels after 10 days.
  – Paid $1 (even if answers were wrong)
Labeling Phase
• 10 Inkblots
• Compensation: $1
• Seventy Participants
Matching Phase
• 10 Days Later
• Compensation: $1 (even for wrong answers)
• 58 Participants
Results
• 69% of users matched at least half of their images correctly
Discussion
• Personal Experience vs. Study
  – Incentives
  – Better Instructions?
• Time Barrier
• Improved Constructions
  – Better Inkblots
  – Reject Confusing Inkblots
  – Multiple GOTCHAs?
Outline
• Offline Dictionary Attacks
• Human Only Solvable Puzzles
• GOTCHAs
• User Study
• Challenge
GOTCHA Challenge
Source: http://www.cs.cmu.edu/~jblocki/GOTCHA-Challenge.html
             Password   Winner           Institution                  Date Solved
Example      123456     Harry Q. Bovik   Carnegie Mellon University   7/17/2013
Challenge 1  ?          N/A              N/A                          N/A
Challenge 2  ?          N/A              N/A                          N/A
Challenge 3  ?          N/A              N/A                          N/A
Challenge 4  ?          N/A              N/A                          N/A
Challenge 5  ?          N/A              N/A                          N/A
Thanks for Listening!
Please direct questions to Jeremiah Blocki, jblocki@cs.cmu.edu
- Slides: 36